On Thu, Aug 15, 2013 at 8:44 PM, Stephen Harris <lists@xxxxxxxxxx> wrote:
> On Thu, Aug 15, 2013 at 06:40:54PM -0700, Devin Reade wrote:
>> Last time I checked a few years ago I don't think AD supported an LDAP anonymous bind, so you may need to bind as that user in order to validate the creds.
>
> AD is kerberos for authentication. If you just want to authenticate user
> "xyzzy" to AD with password (as opposed to krb keys) then just configure
> /etc/krb5.conf to point to an AD domain controller.
>
> Don't need LDAP at all.
>
> Everything else (samba, ldap, etc) gives closer integration, but isn't
> essential for pure 'AD password' authentication.
Authconfig sets that up with pam when you pick kerberos authentication
and it works fine for linux user logins (console, ssh, etc.). What I
want in addition is for those users to be able to map their home
directories from a windows box using that same login/password. I
don't really care if they have to enter it explicitly for the share or
if whatever windows does because they are already logged into the
domain, I just don't want to manage a separate copy of each user's
password. And what authconfig puts in the smb.conf doesn't seem to
work that way. I used to be able to use security=server against an
older style windows domain controller, but I think the AD domain has
been upgraded and no longer has that backwards compatibility mode.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
